You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@maven.apache.org by "Michael Osipov (Jira)" <ji...@apache.org> on 2021/01/24 20:48:00 UTC

[jira] [Commented] (MNG-6435) DefaultSettingsBuilder assumes all SettingsReader/Writer impls will use XML

    [ https://issues.apache.org/jira/browse/MNG-6435?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17270983#comment-17270983 ] 

Michael Osipov commented on MNG-6435:
-------------------------------------

I have done further investigation and removing this isn't really possible at the moment due to bad design and a failing IT.  The {{interpolate}} method interpolates instead on a memory/object model on the serialized model. It does not know anything about the implementation of the settings writer. It assumes to be XML. The problem is that it lacks abstraction. If you would have a model in YAML a "&x" isn't a problem in a string, but it would be changed for different semantics.
To solve this one should write an object visitor which interpolates each string separately or you need some notion from the writer how to escape its input w/o disclosing that this is XML, YAML, JSON or else. Something like an {{InterpolationPostProcessor}} generated by Modello.

> DefaultSettingsBuilder assumes all SettingsReader/Writer impls will use XML
> ---------------------------------------------------------------------------
>
>                 Key: MNG-6435
>                 URL: https://issues.apache.org/jira/browse/MNG-6435
>             Project: Maven
>          Issue Type: Improvement
>          Components: Settings
>    Affects Versions: 3.5.3
>            Reporter: Laird Nelson
>            Assignee: Michael Osipov
>            Priority: Minor
>             Fix For: 4.0.x-candidate
>
>
> On or around line 234, interpolation of settings assumes XML:
> {code}
> interpolator.addPostProcessor( new InterpolationPostProcessor()
> {
>   @Override
>   public Object execute( String expression, Object value )
>   {
>     if ( value != null )
>     {
>       // we're going to parse this back in as XML so we need to escape XML markup
>       value = value.toString().replace( "&", "&amp;" ).replace( "<", "&lt;" ).replace( ">", "&gt;" );
>       return value;
>     }
>     return null;
>   }
> } );
> {code}
> The value being interpolated here is the result of a {{SettingsWriter}}'s output.  Obviously this kind of escaping doesn't make any sense if the {{SettingsWriter}} in question is not XML-based.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)